From 9692d409658ce552ab3e0d9f41aadca1c7bcb407 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Sat, 28 Jun 2014 22:37:14 +0200
Subject: Make genkeypair.sh able to display TXT record for DKIM signatures.

---
 roles/common/tasks/ipsec.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'roles/common/tasks/ipsec.yml')

diff --git a/roles/common/tasks/ipsec.yml b/roles/common/tasks/ipsec.yml
index 5e0115e..d773c1c 100644
--- a/roles/common/tasks/ipsec.yml
+++ b/roles/common/tasks/ipsec.yml
@@ -1,8 +1,9 @@
 - name: Install strongSwan
   apt: pkg=strongswan-ikev2
 
-- name: Generate a key pair for IPSec
-  command: genkeypair.sh --pubkey=/etc/ipsec.d/certs/{{ inventory_hostname }}.pem
+- name: Generate a private key and a X.509 certificate for IPSec
+  command: genkeypair.sh x509
+                         --pubkey=/etc/ipsec.d/certs/{{ inventory_hostname }}.pem
                          --privkey=/etc/ipsec.d/private/{{ inventory_hostname }}.key
                          --dns {{ inventory_hostname }}
                          -t ecdsa -b secp521r1 -h sha512
-- 
cgit v1.2.3